Threading as a service

ABSTRACT

A service manages a plurality of virtual machine instances for low latency execution of user codes. The plurality of virtual machine instances can be configured based on a predetermined set of configurations. One or more containers may be created within the virtual machine instances. In response to a request to execute user code, the service identifies a pre-configured virtual machine instance suitable for executing the user code. The service can allocate the identified virtual machine instance to the user, create a new container within an instance already allocated to the user, or re-use a container already created for execution of the user code. When the user code has not been activated for a time-out period, the service can invalidate allocation of the virtual machine instance destroy the container. The time from receiving the request to beginning code execution is less than a predetermined duration, for example, 100 ms.

CROSS-REFERENCE TO CONCURRENTLY-FILED APPLICATIONS

The present application's Applicant is concurrently filing the followingU.S. patent applications on Sep. 30, 2014:

Attorney Docket No. Title SEAZN.982A MESSAGE-BASED COMPUTATION REQUESTSCHEDULING SEAZN.983A LOW LATENCY COMPUTATIONAL CAPACITY PROVISIONINGSEAZN.984A AUTOMATIC MANAGEMENT OF LOW LATENCY COMPUTATIONAL CAPACITYSEAZN.990A PROGRAMMATIC EVENT DETECTION AND MESSAGE GENERATION FORREQUESTS TO EXECUTE PROGRAM CODE SEAZN.991A PROCESSING EVENT MESSAGESFOR USER REQUESTS TO EXECUTE PROGRAM CODE SEAZN.997A DYNAMIC CODEDEPLOYMENT AND VERSIONING

The disclosures of the above-referenced applications are herebyincorporated by reference in their entireties.

BACKGROUND

Generally described, computing devices utilize a communication network,or a series of communication networks, to exchange data. Companies andorganizations operate computer networks that interconnect a number ofcomputing devices to support operations or to provide services to thirdparties. The computing systems can be located in a single geographiclocation or located in multiple, distinct geographic locations (e.g.,interconnected via private or public communication networks).Specifically, data centers or data processing centers, herein generallyreferred to as a “data center,” may include a number of interconnectedcomputing systems to provide computing resources to users of the datacenter. The data centers may be private data centers operated on behalfof an organization or public data centers operated on behalf, or for thebenefit of, the general public.

To facilitate increased utilization of data center resources,virtualization technologies may allow a single physical computing deviceto host one or more instances of virtual machines that appear andoperate as independent computing devices to users of a data center. Withvirtualization, the single physical computing device can create,maintain, delete, or otherwise manage virtual machines in a dynamicmanner. In turn, users can request computer resources from a datacenter, including single computing devices or a configuration ofnetworked computing devices, and be provided with varying numbers ofvirtual machine resources.

In some scenarios, virtual machine instances may be configured accordingto a number of virtual machine instance types to provide specificfunctionality. For example, various computing devices may be associatedwith different combinations of operating systems or operating systemconfigurations, virtualized hardware resources and software applicationsto enable a computing device to provide different desiredfunctionalities, or to provide similar functionalities more efficiently.These virtual machine instance type configurations are often containedwithin a device image, which includes static data containing thesoftware (e.g., the OS and applications together with theirconfiguration and data files, etc.) that the virtual machine will runonce started. The device image is typically stored on the disk used tocreate or initialize the instance. Thus, a computing device may processthe device image in order to implement the desired softwareconfiguration.

BRIEF DESCRIPTION OF DRAWINGS

The foregoing aspects and many of the attendant advantages of thisdisclosure will become more readily appreciated as the same becomebetter understood by reference to the following detailed description,when taken in conjunction with the accompanying drawings, wherein:

FIG. 1 is a block diagram depicting an illustrative environment foracquiring low latency compute capacity;

FIG. 2 depicts a general architecture of a computing device providing avirtual compute system manager for acquiring low latency computecapacity;

FIG. 3 is a flow diagram illustrating a low latency compute capacityacquisition routine implemented by a worker manager, according to anexample aspect; and

FIG. 4 is a block diagram illustrating processes of virtual machineinstance management to process a request to execute user code.

DETAILED DESCRIPTION

Companies and organizations no longer need to acquire and manage theirown data centers in order to perform computing operations (e.g., executecode, including threads, programs, software, routines, subroutines,processes, etc.). With the advent of cloud computing, storage space andcompute power traditionally provided by hardware computing devices cannow be obtained and configured in minutes over the Internet. Thus,developers can quickly purchase a desired amount of computing resourceswithout having to worry about acquiring physical machines. Suchcomputing resources are typically purchased in the form of virtualcomputing resources, or virtual machine instances. These instances ofvirtual machines, which are hosted on physical computing devices withtheir own operating systems and other software components, can beutilized in the same manner as physical computers.

However, even when virtual computing resources are purchased, developersstill have to decide how many and what type of virtual machine instancesto purchase, and how long to keep them. For example, the costs of usingthe virtual machine instances may vary depending on the type and thenumber of hours they are rented. In addition, the minimum time a virtualmachine may be rented is typically on the order of hours. Further,developers have to specify the hardware and software resources (e.g.,type of operating systems and language runtimes, etc.) to install on thevirtual machines. Other concerns that they might have includeover-utilization (e.g., acquiring too little computing resources andsuffering performance issues), under-utilization (e.g., acquiring morecomputing resources than necessary to run the codes, and thusoverpaying), prediction of change in traffic (e.g., so that they knowwhen to scale up or down), and instance and language runtime startupdelay, which can take 3-10 minutes, or longer, even though users maydesire computing capacity on the order of seconds or even milliseconds.Thus, an improved method of allowing users to take advantage of thevirtual machine instances provided by service providers is desired.

According to aspects of the present disclosure, by maintaining a pool ofpre-initialized virtual machine instances that are ready for use as soonas a user request is received, delay (sometimes referred to as latency)associated with executing the user code (e.g., instance and languageruntime startup time) can be significantly reduced.

Generally described, aspects of the present disclosure relate to themanagement of virtual machine instances and containers created therein.Specifically, systems and methods are disclosed which facilitatemanagement of virtual machine instances in a virtual compute system. Thevirtual compute system maintains a pool of virtual machine instancesthat have one or more software components (e.g., operating systems,language runtimes, libraries, etc.) loaded thereon. The virtual machineinstances in the pool can be designated to service user requests toexecute program codes. The program codes can be executed in isolatedcontainers that are created on the virtual machine instances. Since thevirtual machine instances in the pool have already been booted andloaded with particular operating systems and language runtimes by thetime the requests are received, the delay associated with findingcompute capacity that can handle the requests (e.g., by executing theuser code in one or more containers created on the virtual machineinstances) is significantly reduced.

In another aspect, a virtual compute system may maintain a pool ofvirtual machine instances on one or more physical computing devices,where each virtual machine instance has one or more software componentsloaded thereon. When the virtual compute system receives a request toexecute the program code of a user, which specifies one or morecomputing constraints for executing the program code of the user, thevirtual compute system may select a virtual machine instance forexecuting the program code of the user based on the one or morecomputing constraints specified by the request and cause the programcode of the user to be executed on the selected virtual machineinstance.

Generally described, aspects of the present disclosure relate tomanagement of virtual machine instances to enable threading as aservice. Specifically, systems and methods are disclosed whichfacilitate the management of virtual machine instance throughutilization of a virtual machine instance manager, such that a servicecan receive user code (threads, programs, etc.) and execute the code ina highly scalable, low latency manner, without requiring userconfiguration of a virtual machine instance. The virtual machineinstance manager manages virtual machine instances that can execute usercode composed in any of a variety of programming languages. The virtualmachine instance manager can create and configure virtual machineinstances according to a predetermined set of configurations prior toreceiving the user code and prior to receiving any information from auser regarding any particular virtual machine instance configuration.Instead, the virtual machine instance manager can pre-configure andestablish a variety of virtual machine instances, each having aconfiguration corresponding to any one or more of a variety of run-timeenvironments. In response to a request to execute user code, the virtualmachine instance manager can identify a pre-configured virtual machineinstance based on configuration information associated with the requestand allocate the identified virtual machine instance to execute theuser's code. The virtual machine instance manager can create andconfigure containers inside the allocated virtual machine instance basedon configuration information of the request to execute the user code. Insome cases, the virtual machine instance manager can identify anexisting container in a virtual machine instance that is alreadyallocated to the same user account. Containers within a single virtualmachine instance can host multiple copies of the same user codeconcurrently and also can host copies of different user codes if allowedunder operation policies. In some cases, the virtual machine instancemanager manages and facilitates execution of the requested user code bythe containers by utilizing various auxiliary services.

Specific embodiments and example applications of the present disclosurewill now be described with reference to the drawings. These embodimentsand example applications are intended to illustrate, and not limit, thepresent disclosure.

By way of illustration, various example user computing devices 102 areshown in communication with the virtual compute system 110, including adesktop computer, laptop, and a mobile phone. In general, the usercomputing devices 102 can be any computing device such as a desktop,laptop, mobile phone (or smartphone), tablet, kiosk, wireless device,and other electronic devices. In addition, the user computing devices102 may include web services running on the same or different datacenters, where, for example, different web services may programmaticallycommunicate with each other to perform one or more techniques describedherein. Further, the user computing devices 102 may include Internet ofThings (IoT) devices such as Internet appliances and connected devices.The virtual compute system 110 may provide the user computing devices102 with one or more user interfaces, command-line interfaces (CLI),application programming interfaces (API), and/or other programmaticinterfaces for generating and uploading user codes, invoking the usercodes (e.g., submitting a request to execute the user codes on thevirtual compute system 110), scheduling event-based jobs or timed jobs,tracking the user codes, and/or viewing other logging or monitoringinformation related to their requests and/or user codes. Although one ormore embodiments may be described herein as using a user interface, itshould be appreciated that such embodiments may, additionally oralternatively, use any CLIs, APIs, or other programmatic interfaces.

The user computing devices 102 access the virtual compute system 110over a network 104. The network 104 may be any wired network, wirelessnetwork, or combination thereof. In addition, the network 104 may be apersonal area network, local area network, wide area network,over-the-air broadcast network (e.g., for radio or television), cablenetwork, satellite network, cellular telephone network, or combinationthereof. For example, the network 104 may be a publicly accessiblenetwork of linked networks, possibly operated by various distinctparties, such as the Internet. In some embodiments, the network 104 maybe a private or semi-private network, such as a corporate or universityintranet. The network 104 may include one or more wireless networks,such as a Global System for Mobile Communications (GSM) network, a CodeDivision Multiple Access (CDMA) network, a Long Term Evolution (LTE)network, or any other type of wireless network. The network 104 can useprotocols and components for communicating via the Internet or any ofthe other aforementioned types of networks. For example, the protocolsused by the network 104 may include Hypertext Transfer Protocol (HTTP),HTTP Secure (HTTPS), Message Queue Telemetry Transport (MQTT),Constrained Application Protocol (CoAP), and the like. Protocols andcomponents for communicating via the Internet or any of the otheraforementioned types of communication networks are well known to thoseskilled in the art and, thus, are not described in more detail herein.

The virtual compute system 110 is depicted in FIG. 1 as operating in adistributed computing environment including several computer systemsthat are interconnected using one or more computer networks. The virtualcompute system 110 could also operate within a computing environmenthaving a fewer or greater number of devices than are illustrated inFIG. 1. Thus, the depiction of the virtual compute system 110 in FIG. 1should be taken as illustrative and not limiting to the presentdisclosure. For example, the virtual compute system 110 or variousconstituents thereof could implement various Web services components,hosted or “cloud” computing environments, and/or peer to peer networkconfigurations to implement at least a portion of the processesdescribed herein.

Further, the virtual compute system 110 may be implemented in hardwareand/or software and may, for instance, include one or more physical orvirtual servers implemented on physical computer hardware configured toexecute computer executable instructions for performing various featuresthat will be described herein. The one or more servers may begeographically dispersed or geographically co-located, for instance, inone or more data centers.

In the environment illustrated FIG. 1, the virtual environment 100includes a virtual compute system 110, which includes a frontend 120, awarming pool manager 130, and a worker manager 140. In the depictedexample, virtual machine instances (“instances”) 152, 154 are shown in awarming pool 130A managed by the warming pool manager 130, and instances156, 158 are shown in an active pool 140A managed by the worker manager140. The illustration of the various components within the virtualcompute system 110 is logical in nature and one or more of thecomponents can be implemented by a single computing device or multiplecomputing devices. For example, the instances 152, 154, 156, 158 can beimplemented on one or more physical computing devices in differentvarious geographic regions. Similarly, each of the frontend 120, thewarming pool manager 130, and the worker manager 140 can be implementedacross multiple physical computing devices. Alternatively, one or moreof the frontend 120, the warming pool manager 130, and the workermanager 140 can be implemented on a single physical computing device. Insome embodiments, the virtual compute system 110 may comprise multiplefrontends, multiple warming pool managers, and/or multiple workermanagers. Although four virtual machine instances are shown in theexample of FIG. 1, the embodiments described herein are not limited assuch, and one skilled in the art will appreciate that the virtualcompute system 110 may comprise any number of virtual machine instancesimplemented using any number of physical computing devices. Similarly,although a single warming pool and a single active pool are shown in theexample of FIG. 1, the embodiments described herein are not limited assuch, and one skilled in the art will appreciate that the virtualcompute system 110 may comprise any number of warming pools and activepools.

In the example of FIG. 1, the virtual compute system 110 is illustratedas connected to the network 104. In some embodiments, any of thecomponents within the virtual compute system 110 can communicate withother components (e.g., the user computing devices 102 and auxiliaryservices 106, which may include monitoring/logging/billing services 107,storage service 108, an instance provisioning service 109, and/or otherservices that may communicate with the virtual compute system 110) ofthe virtual environment 100 via the network 104. In other embodiments,not all components of the virtual compute system 110 are capable ofcommunicating with other components of the virtual environment 100. Inone example, only the frontend 120 may be connected to the network 104,and other components of the virtual compute system 110 may communicatewith other components of the virtual environment 100 via the frontend120.

Users may use the virtual compute system 110 to execute user codethereon. For example, a user may wish to run a piece of code inconnection with a web or mobile application that the user has developed.One way of running the code would be to acquire virtual machineinstances from service providers who provide infrastructure as aservice, configure the virtual machine instances to suit the user'sneeds, and use the configured virtual machine instances to run the code.Alternatively, the user may send a code execution request to the virtualcompute system 110. The virtual compute system 110 can handle theacquisition and configuration of compute capacity (e.g., containers,instances, etc., which are described in greater detail below) based onthe code execution request, and execute the code using the computecapacity. The virtual compute system 110 may automatically scale up anddown based on the volume, thereby relieving the user from the burden ofhaving to worry about over-utilization (e.g., acquiring too littlecomputing resources and suffering performance issues) orunder-utilization (e.g., acquiring more computing resources thannecessary to run the codes, and thus overpaying).

The frontend 120 processes all the requests to execute user code on thevirtual compute system 110. In one embodiment, the frontend 120 servesas a front door to all the other services provided by the virtualcompute system 110. The frontend 120 processes the requests and makessure that the requests are properly authorized. For example, thefrontend 120 may determine whether the user associated with the requestis authorized to access the user code specified in the request.

The user code as used herein may refer to any program code (e.g., aprogram, routine, subroutine, thread, etc.) written in a specificprogram language. In the present disclosure, the terms “code,” “usercode,” and “program code,” may be used interchangeably. Such user codemay be executed to achieve a specific task, for example, in connectionwith a particular web application or mobile application developed by theuser. For example, the user codes may be written in JavaScript(node.js), Java, Python, and/or Ruby. The request may include the usercode (or the location thereof) and one or more arguments to be used forexecuting the user code. For example, the user may provide the user codealong with the request to execute the user code. In another example, therequest may identify a previously uploaded program code (e.g., using theAPI for uploading the code) by its name or its unique ID. In yet anotherexample, the code may be included in the request as well as uploaded ina separate location (e.g., the storage service 108 or a storage systeminternal to the virtual compute system 110) prior to the request isreceived by the virtual compute system 110. The virtual compute system110 may vary its code execution strategy based on where the code isavailable at the time the request is processed.

The frontend 120 may receive the request to execute such user codes inresponse to Hypertext Transfer Protocol Secure (HTTPS) requests from auser. Also, any information (e.g., headers and parameters) included inthe HTTPS request may also be processed and utilized when executing theuser code. As discussed above, any other protocols, including, forexample, HTTP, MQTT, and CoAP, may be used to transfer the messagecontaining the code execution request to the frontend 120. The frontend120 may also receive the request to execute such user codes when anevent is detected, such as an event that the user has registered totrigger automatic request generation. For example, the user may haveregistered the user code with an auxiliary service 106 and specifiedthat whenever a particular event occurs (e.g., a new file is uploaded),the request to execute the user code is sent to the frontend 120.Alternatively, the user may have registered a timed job (e.g., executethe user code every 24 hours). In such an example, when the scheduledtime arrives for the timed job, the request to execute the user code maybe sent to the frontend 120. In yet another example, the frontend 120may have a queue of incoming code execution requests, and when theuser's batch job is removed from the virtual compute system's workqueue, the frontend 120 may process the user request. In yet anotherexample, the request may originate from another component within thevirtual compute system 110 or other servers or services not illustratedin FIG. 1.

A user request may specify one or more third-party libraries (includingnative libraries) to be used along with the user code. In oneembodiment, the user request is a ZIP file containing the user code andany libraries (and/or identifications of storage locations thereof). Insome embodiments, the user request includes metadata that indicates theprogram code to be executed, the language in which the program code iswritten, the user associated with the request, and/or the computingresources (e.g., memory, etc.) to be reserved for executing the programcode. For example, the program code may be provided with the request,previously uploaded by the user, provided by the virtual compute system110 (e.g., standard routines), and/or provided by third parties. In someembodiments, such resource-level constraints (e.g., how much memory isto be allocated for executing a particular user code) are specified forthe particular user code, and may not vary over each execution of theuser code. In such cases, the virtual compute system 110 may have accessto such resource-level constraints before each individual request isreceived, and the individual requests may not specify suchresource-level constraints. In some embodiments, the user request mayspecify other constraints such as permission data that indicates whatkind of permissions that the request has to execute the user code. Suchpermission data may be used by the virtual compute system 110 to accessprivate resources (e.g., on a private network).

In some embodiments, the user request may specify the behavior thatshould be adopted for handling the user request. In such embodiments,the user request may include an indicator for enabling one or moreexecution modes in which the user code associated with the user requestis to be executed. For example, the request may include a flag or aheader for indicating whether the user code should be executed in adebug mode in which the debugging and/or logging output that may begenerated in connection with the execution of the user code is providedback to the user (e.g., via a console user interface). In such anexample, the virtual compute system 110 may inspect the request and lookfor the flag or the header, and if it is present, the virtual computesystem 110 may modify the behavior (e.g., logging facilities) of thecontainer in which the user code is executed, and cause the output datato be provided back to the user. In some embodiments, the behavior/modeindicators are added to the request by the user interface provided tothe user by the virtual compute system 110. Other features such assource code profiling, remote debugging, etc. may also be enabled ordisabled based on the indication provided in the request.

In some embodiments, the virtual compute system 110 may include multiplefrontends 120. In such embodiments, a load balancer may be provided todistribute the incoming requests to the multiple frontends 120, forexample, in a round-robin fashion. In some embodiments, the manner inwhich the load balancer distributes incoming requests to the multiplefrontends 120 may be based on the state of the warming pool 130A and/orthe active pool 140A. For example, if the capacity in the warming pool130A is deemed to be sufficient, the requests may be distributed to themultiple frontends 120 based on the individual capacities of thefrontends 120 (e.g., based on one or more load balancing restrictions).On the other hand, if the capacity in the warming pool 130A is less thana threshold amount, one or more of such load balancing restrictions maybe removed such that the requests may be distributed to the multiplefrontends 120 in a manner that reduces or minimizes the number ofvirtual machine instances taken from the warming pool 130A. For example,even if, according to a load balancing restriction, a request is to berouted to Frontend A, if Frontend A needs to take an instance out of thewarming pool 130A to service the request but Frontend B can use one ofthe instances in its active pool to service the same request, therequest may be routed to Frontend B.

The warming pool manager 130 ensures that virtual machine instances areready to be used by the worker manager 140 when the virtual computesystem 110 receives a request to execute user code on the virtualcompute system 110. In the example illustrated in FIG. 1, the warmingpool manager 130 manages the warming pool 130A, which is a group(sometimes referred to as a pool) of pre-initialized and pre-configuredvirtual machine instances that may be used to service incoming user codeexecution requests. In some embodiments, the warming pool manager 130causes virtual machine instances to be booted up on one or more physicalcomputing machines within the virtual compute system 110 and added tothe warming pool 130A. In other embodiments, the warming pool manager130 communicates with an auxiliary virtual management instance service(e.g., an auxiliary service 106 of FIG. 1) to create and add newinstances to the warming pool 130A. For example, the warming poolmanager 130 may cause additional instances to be added to the warmingpool 130A based on the available capacity in the warming pool 130A toservice incoming requests. In some embodiments, the warming pool manager130 may utilize both physical computing devices within the virtualcompute system 110 and one or more virtual machine instance services toacquire and maintain compute capacity that can be used to service codeexecution requests received by the frontend 120. In some embodiments,the virtual compute system 110 may comprise one or more logical knobs orswitches for controlling (e.g., increasing or decreasing) the availablecapacity in the warming pool 130A. For example, a system administratormay use such a knob or switch to increase the capacity available (e.g.,the number of pre-booted instances) in the warming pool 130A during peakhours. In some embodiments, virtual machine instances in the warmingpool 130A can be configured based on a predetermined set ofconfigurations independent from a specific user request to execute auser's code. The predetermined set of configurations can correspond tovarious types of virtual machine instances to execute user codes. Thewarming pool manager 130 can optimize types and numbers of virtualmachine instances in the warming pool 130A based on one or more metricsrelated to current or previous user code executions.

As shown in FIG. 1, instances may have operating systems (OS) and/orlanguage runtimes loaded thereon. For example, the warming pool 130Amanaged by the warming pool manager 130 comprises instances 152, 154.The instance 152 includes an OS 152A and a runtime 152B. The instance154 includes an OS 154A. In some embodiments, the instances in thewarming pool 130A may also include containers (which may further containcopies of operating systems, runtimes, user codes, etc.), which aredescribed in greater detail below. Although the instance 152 is shown inFIG. 1 to include a single runtime, in other embodiments, the instancesdepicted in FIG. 1 may include two or more runtimes, each of which maybe used for running a different user code. In some embodiments, thewarming pool manager 130 may maintain a list of instances in the warmingpool 130A. The list of instances may further specify the configuration(e.g., OS, runtime, container, etc.) of the instances.

In some embodiments, the virtual machine instances in the warming pool130A may be used to serve any user's request. In one embodiment, all thevirtual machine instances in the warming pool 130A are configured in thesame or substantially similar manner. In another embodiment, the virtualmachine instances in the warming pool 130A may be configured differentlyto suit the needs of different users. For example, the virtual machineinstances may have different operating systems, different languageruntimes, and/or different libraries loaded thereon. In yet anotherembodiment, the virtual machine instances in the warming pool 130A maybe configured in the same or substantially similar manner (e.g., withthe same OS, language runtimes, and/or libraries), but some of thoseinstances may have different container configurations. For example, oneinstance might have a container created therein for running code writtenin Python, and another instance might have a container created thereinfor running code written in Ruby. In some embodiments, multiple warmingpools 130A, each having identically-configured virtual machineinstances, are provided.

The warming pool manager 130 may pre-configure the virtual machineinstances in the warming pool 130A, such that each virtual machineinstance is configured to satisfy at least one of the operatingconditions that may be requested or specified by the user request toexecute program code on the virtual compute system 110. In oneembodiment, the operating conditions may include program languages inwhich the potential user codes may be written. For example, suchlanguages may include Java, JavaScript, Python, Ruby, and the like. Insome embodiments, the set of languages that the user codes may bewritten in may be limited to a predetermined set (e.g., set of 4languages, although in some embodiments sets of more or less than fourlanguages are provided) in order to facilitate pre-initialization of thevirtual machine instances that can satisfy requests to execute usercodes. For example, when the user is configuring a request via a userinterface provided by the virtual compute system 110, the user interfacemay prompt the user to specify one of the predetermined operatingconditions for executing the user code. In another example, theservice-level agreement (SLA) for utilizing the services provided by thevirtual compute system 110 may specify a set of conditions (e.g.,programming languages, computing resources, etc.) that user requestsshould satisfy, and the virtual compute system 110 may assume that therequests satisfy the set of conditions in handling the requests. Inanother example, operating conditions specified in the request mayinclude: the amount of compute power to be used for processing therequest; the type of the request (e.g., HTTP vs. a triggered event); thetimeout for the request (e.g., threshold time after which the requestmay be terminated); security policies (e.g., may control which instancesin the warming pool 130A are usable by which user); and etc.

The worker manager 140 manages the instances used for servicing incomingcode execution requests. In the example illustrated in FIG. 1, theworker manager 140 manages the active pool 140A, which is a group(sometimes referred to as a pool) of virtual machine instances that arecurrently assigned to one or more users. Although the virtual machineinstances are described here as being assigned to a particular user, insome embodiments, the instances may be assigned to a group of users,such that the instance is tied to the group of users and any member ofthe group can utilize resources on the instance. For example, the usersin the same group may belong to the same security group (e.g., based ontheir security credentials) such that executing one member's code in acontainer on a particular instance after another member's code has beenexecuted in another container on the same instance does not posesecurity risks. Similarly, the worker manager 140 may assign theinstances and the containers according to one or more policies thatdictate which requests can be executed in which containers and whichinstances can be assigned to which users. An example policy may specifythat instances are assigned to collections of users who share the sameaccount (e.g., account for accessing the services provided by thevirtual compute system 110). In some embodiments, the requestsassociated with the same user group may share the same containers (e.g.,if the user codes associated therewith are identical). In someembodiments, a request does not differentiate between the differentusers of the group and simply indicates the group to which the usersassociated with the requests belong.

As shown in FIG. 1, instances may have operating systems (OS), languageruntimes, and containers. The containers may have individual copies ofthe OS and the runtimes and user codes loaded thereon. In the example ofFIG. 1, the active pool 140A managed by the worker manager 140 includesthe instances 156, 158. The instance 156 has an OS 156A, runtimes 156B,156C, and containers 156D, 156E. The container 156D includes a copy ofthe OS 156A, a copy of the runtime 156B, and a copy of a code 156D-1.The container 156E includes a copy of the OS 156A, a copy of the runtime156C, and a copy of a code 156E-1. The instance 158 has an OS 158A,runtimes 158B, 158C, 158E, 158F, a container 158D, and codes 158G, 158H.The container 158D has a copy of the OS 158A, a copy of the runtime158B, and a copy of a code 158D-1. As illustrated in FIG. 1, instancesmay have user codes loaded thereon, and containers within thoseinstances may also have user codes loaded therein. In some embodiments,the worker manager 140 may maintain a list of instances in the activepool 140A. The list of instances may further specify the configuration(e.g., OS, runtime, container, etc.) of the instances. In someembodiments, the worker manager 140 may have access to a list ofinstances in the warming pool 130A (e.g., including the number and typeof instances). In other embodiments, the worker manager 140 requestscompute capacity from the warming pool manager 130 without havingknowledge of the virtual machine instances in the warming pool 130A.

In the example illustrated in FIG. 1, user codes are executed inisolated virtual compute systems referred to as containers (e.g.,containers 156D, 156E, 158D). Containers are logical units createdwithin a virtual machine instance using the resources available on thatinstance. For example, the worker manager 140 may, based on informationspecified in the request to execute user code, create a new container orlocate an existing container in one of the instances in the active pool140A and assigns the container to the request to handle the execution ofthe user code associated with the request. In one embodiment, suchcontainers are implemented as Linux containers.

Once a request has been successfully processed by the frontend 120, theworker manager 140 finds capacity to service the request to execute usercode on the virtual compute system 110. For example, if there exists aparticular virtual machine instance in the active pool 140A that has acontainer with the same user code loaded therein (e.g., code 156D-1shown in the container 156D), the worker manager 140 may assign thecontainer to the request and cause the user code to be executed in thecontainer. Alternatively, if the user code is available in the localcache of one of the virtual machine instances (e.g., codes 158G, 158H,which are stored on the instance 158 but do not belong to any individualcontainers), the worker manager 140 may create a new container on suchan instance, assign the container to the request, and cause the usedcode to be loaded and executed in the container.

If the worker manager 140 determines that the user code associated withthe request is not found on any of the instances (e.g., either in acontainer or the local cache of an instance) in the active pool 140A,the worker manager 140 may determine whether any of the instances in theactive pool 140A is currently assigned to the user associated with therequest and has compute capacity to handle the current request. If thereis such an instance, the worker manager 140 may create a new containeron the instance and assign the container to the request. Alternatively,the worker manager 140 may further configure an existing container onthe instance assigned to the user, and assign the container to therequest. For example, the worker manager 140 may determine that theexisting container may be used to execute the user code if a particularlibrary demanded by the current user request is loaded thereon. In sucha case, the worker manager 140 may load the particular library and theuser code onto the container and use the container to execute the usercode.

If the active pool 140 does not contain any instances currently assignedto the user, the worker manager 140 pulls a new virtual machine instancefrom the warming pool 130A, assigns the instance to the user associatedwith the request, creates a new container on the instance, assigns thecontainer to the request, and causes the user code to be downloaded andexecuted on the container.

In some embodiments, the virtual compute system 110 is adapted to beginexecution of the user code shortly after it is received (e.g., by thefrontend 120). A time period can be determined as the difference in timebetween initiating execution of the user code (e.g., in a container on avirtual machine instance associated with the user) and receiving arequest to execute the user code (e.g., received by a frontend). Thevirtual compute system 110 is adapted to begin execution of the usercode within a time period that is less than a predetermined duration. Inone embodiment, the predetermined duration is 500 ms. In anotherembodiment, the predetermined duration is 300 ms. In another embodiment,the predetermined duration is 100 ms. In another embodiment, thepredetermined duration is 50 ms. In another embodiment, thepredetermined duration is 10 ms. In another embodiment, thepredetermined duration may be any value chosen from the range of 10 msto 500 ms. In some embodiments, the virtual compute system 110 isadapted to begin execution of the user code within a time period that isless than a predetermined duration if one or more conditions aresatisfied. For example, the one or more conditions may include any oneof: (1) the user code is loaded on a container in the active pool 140 atthe time the request is received; (2) the user code is stored in thecode cache of an instance in the active pool 140 at the time the requestis received; (3) the active pool 140A contains an instance assigned tothe user associated with the request at the time the request isreceived; or (4) the warming pool 130A has capacity to handle therequest at the time the request is received.

The user code may be downloaded from an auxiliary service 106 such asthe storage service 108 of FIG. 1. Data 108A illustrated in FIG. 1 maycomprise user codes uploaded by one or more users, metadata associatedwith such user codes, or any other data utilized by the virtual computesystem 110 to perform one or more techniques described herein. Althoughonly the storage service 108 is illustrated in the example of FIG. 1,the virtual environment 100 may include other levels of storage systemsfrom which the user code may be downloaded. For example, each instancemay have one or more storage systems either physically (e.g., a localstorage resident on the physical computing system on which the instanceis running) or logically (e.g., a network-attached storage system innetwork communication with the instance and provided within or outsideof the virtual compute system 110) associated with the instance on whichthe container is created. Alternatively, the code may be downloaded froma web-based data store provided by the storage service 108.

Once the worker manager 140 locates one of the virtual machine instancesin the warming pool 130A that can be used to serve the user codeexecution request, the warming pool manager 130 or the worker manger 140takes the instance out of the warming pool 130A and assigns it to theuser associated with the request. The assigned virtual machine instanceis taken out of the warming pool 130A and placed in the active pool140A. In some embodiments, once the virtual machine instance has beenassigned to a particular user, the same virtual machine instance cannotbe used to service requests of any other user. This provides securitybenefits to users by preventing possible co-mingling of user resources.Alternatively, in some embodiments, multiple containers belonging todifferent users (or assigned to requests associated with differentusers) may co-exist on a single virtual machine instance. Such anapproach may improve utilization of the available compute capacity.

In some embodiments, the virtual compute system 110 may maintain aseparate cache in which user codes are stored to serve as anintermediate level of caching system between the local cache of thevirtual machine instances and a web-based network storage (e.g.,accessible via the network 104). The various scenarios that the workermanager 140 may encounter in servicing the request are described ingreater detail below with reference to FIG. 4.

After the user code has been executed, the worker manager 140 may teardown the container used to execute the user code to free up theresources it occupied to be used for other containers in the instance.Alternatively, the worker manager 140 may keep the container running touse it to service additional requests from the same user. For example,if another request associated with the same user code that has alreadybeen loaded in the container, the request can be assigned to the samecontainer, thereby eliminating the delay associated with creating a newcontainer and loading the user code in the container. In someembodiments, the worker manager 140 may tear down the instance in whichthe container used to execute the user code was created. Alternatively,the worker manager 140 may keep the instance running to use it toservice additional requests from the same user. The determination ofwhether to keep the container and/or the instance running after the usercode is done executing may be based on a threshold time, the type of theuser, average request volume of the user, and/or other operatingconditions. For example, after a threshold time has passed (e.g., 5minutes, 30 minutes, 1 hour, 24 hours, 30 days, etc.) without anyactivity (e.g., running of the code), the container and/or the virtualmachine instance is shutdown (e.g., deleted, terminated, etc.), andresources allocated thereto are released. In some embodiments, thethreshold time passed before a container is torn down is shorter thanthe threshold time passed before an instance is torn down.

In some embodiments, the virtual compute system 110 may provide data toone or more of the auxiliary services 106 as it services incoming codeexecution requests. For example, the virtual compute system 110 maycommunicate with the monitoring/logging/billing services 107. Themonitoring/logging/billing services 107 may include: a monitoringservice for managing monitoring information received from the virtualcompute system 110, such as statuses of containers and instances on thevirtual compute system 110; a logging service for managing logginginformation received from the virtual compute system 110, such asactivities performed by containers and instances on the virtual computesystem 110; and a billing service for generating billing informationassociated with executing user code on the virtual compute system 110(e.g., based on the monitoring information and/or the logginginformation managed by the monitoring service and the logging service).In addition to the system-level activities that may be performed by themonitoring/logging/billing services 107 (e.g., on behalf of the virtualcompute system 110) as described above, the monitoring/logging/billingservices 107 may provide application-level services on behalf of theuser code executed on the virtual compute system 110. For example, themonitoring/logging/billing services 107 may monitor and/or log variousinputs, outputs, or other data and parameters on behalf of the user codebeing executed on the virtual compute system 110. Although shown as asingle block, the monitoring, logging, and billing services 107 may beprovided as separate services.

In some embodiments, the worker manager 140 may perform health checks onthe instances and containers managed by the worker manager 140 (e.g.,those in the active pool 140A). For example, the health checks performedby the worker manager 140 may include determining whether the instancesand the containers managed by the worker manager 140 have any issues of(1) misconfigured networking and/or startup configuration, (2) exhaustedmemory, (3) corrupted file system, (4) incompatible kernel, and/or anyother problems that may impair the performance of the instances and thecontainers. In one embodiment, the worker manager 140 performs thehealth checks periodically (e.g., every 5 minutes, every 30 minutes,every hour, every 24 hours, etc.). In some embodiments, the frequency ofthe health checks may be adjusted automatically based on the result ofthe health checks. In other embodiments, the frequency of the healthchecks may be adjusted based on user requests. In some embodiments, theworker manager 140 may perform similar health checks on the instancesand/or containers in the warming pool 130A. The instances and/or thecontainers in the warming pool 130A may be managed either together withthose instances and containers in the active pool 140A or separately. Insome embodiments, in the case where the health of the instances and/orthe containers in the warming pool 130A is managed separately from theactive pool 140A, the warming pool manager 130, instead of the workermanager 140, may perform the health checks described above on theinstances and/or the containers in the warming pool 130A.

The worker manager 140 may include an instance allocation unit forfinding compute capacity (e.g., containers) to service incoming codeexecution requests and a user code execution unit for facilitating theexecution of user codes on those containers. An example configuration ofthe worker manager 140 is described in greater detail below withreference to FIG. 2.

FIG. 2 depicts a general architecture of a computing system (referencedas worker manager 140) that manages the virtual machine instances in thevirtual compute system 110. The general architecture of the workermanager 140 depicted in FIG. 2 includes an arrangement of computerhardware and software modules that may be used to implement aspects ofthe present disclosure. The hardware modules may be implemented withphysical electronic devices, as discussed in greater detail below. Theworker manager 140 may include many more (or fewer) elements than thoseshown in FIG. 2. It is not necessary, however, that all of thesegenerally conventional elements be shown in order to provide an enablingdisclosure. Additionally, the general architecture illustrated in FIG. 2may be used to implement one or more of the other components illustratedin FIG. 1. As illustrated, the worker manager 140 includes a processingunit 190, a network interface 192, a computer readable medium drive 194,an input/output device interface 196, all of which may communicate withone another by way of a communication bus. The network interface 192 mayprovide connectivity to one or more networks or computing systems. Theprocessing unit 190 may thus receive information and instructions fromother computing systems or services via the network 104. The processingunit 190 may also communicate to and from memory 180 and further provideoutput information for an optional display (not shown) via theinput/output device interface 196. The input/output device interface 196may also accept input from an optional input device (not shown).

The memory 180 may contain computer program instructions (grouped asmodules in some embodiments) that the processing unit 190 executes inorder to implement one or more aspects of the present disclosure. Thememory 180 generally includes RAM, ROM and/or other persistent,auxiliary or non-transitory computer readable media. The memory 180 maystore an operating system 184 that provides computer programinstructions for use by the processing unit 190 in the generaladministration and operation of the worker manager 140. The memory 180may further include computer program instructions and other informationfor implementing aspects of the present disclosure. For example, in oneembodiment, the memory 180 includes a user interface unit 182 thatgenerates user interfaces (and/or instructions therefor) for displayupon a computing device, e.g., via a navigation and/or browsinginterface such as a browser or application installed on the computingdevice. In addition, the memory 180 may include and/or communicate withone or more data repositories (not shown), for example, to access userprogram codes and/or libraries.

In addition to and/or in combination with the user interface unit 182,the memory 180 may include an instance allocation unit 186 and a usercode execution unit 188 that may be executed by the processing unit 190.In one embodiment, the user interface unit 182, instance allocation unit186, and user code execution unit 188 individually or collectivelyimplement various aspects of the present disclosure, e.g., findingcompute capacity (e.g., a container) to be used for executing user code,causing the user code to be loaded and executed on the container, etc.as described further below.

The instance allocation unit 186 finds the compute capacity to be usedfor servicing a request to execute user code. For example, the instanceallocation unit 186 identifies a virtual machine instance and/or acontainer that satisfies any constraints specified by the request andassigns the identified virtual machine instance and/or container to theuser or the request itself. The instance allocation unit 186 may performsuch identification based on the programming language in which the usercode is written. For example, if the user code is written in Python, andthe instance allocation unit 186 may find an virtual machine instance(e.g., in the warming pool 130A of FIG. 1) having the Python runtimepre-loaded thereon and assign the virtual machine instance to the user.In another example, if the program code specified in the request of theuser is already loaded on an existing container or on another virtualmachine instance assigned to the user (e.g., in the active pool 140A ofFIG. 1), the instance allocation unit 186 may cause the request to beprocessed in the container or in a new container on the virtual machineinstance. In some embodiments, if the virtual machine instance hasmultiple language runtimes loaded thereon, the instance allocation unit186 may create a new container on the virtual machine instance and loadthe appropriate language runtime on the container based on the computingconstraints specified in the request.

The user code execution unit 188 manages the execution of the programcode specified by the request of the user once a particular virtualmachine instance has been assigned to the user associated with therequest and a container on the particular virtual machine instance hasbeen assigned to the request. If the code is pre-loaded in a containeron the virtual machine instance assigned to the user, the code is simplyexecuted in the container. If the code is available via a networkstorage (e.g., storage service 108 of FIG. 1), the user code executionunit 188 downloads the code into a container on the virtual machineinstance and causes the code to be executed (e.g., by communicating withthe frontend 120 of FIG. 1) once it has been downloaded.

While the instance allocation unit 186 and the user code execution unit188 are shown in FIG. 2 as part of the worker manager 140, in otherembodiments, all or a portion of the instance allocation unit 186 andthe user code execution unit 188 may be implemented by other componentsof the virtual compute system 110 and/or another computing device. Forexample, in certain embodiments of the present disclosure, anothercomputing device in communication with the virtual compute system 110may include several modules or components that operate similarly to themodules and components illustrated as part of the worker manager 140.

In some embodiments, the worker manager 140 may further includecomponents other than those illustrated in FIG. 2. For example, thememory 180 may further include a container manager for managingcreation, preparation, and configuration of containers within virtualmachine instances.

Turning now to FIG. 3, a routine 300 implemented by one or morecomponents of the virtual compute system 110 (e.g., the worker manager140) will be described. Although routine 300 is described with regard toimplementation by the worker manager 140, one skilled in the relevantart will appreciate that alternative components may implement routine300 or that one or more of the blocks may be implemented by a differentcomponent or in a distributed manner.

At block 302 of the illustrative routine 300, the worker manager 140receives a request to execute user code. Alternatively, the workermanager 140 receives a request from the frontend 120 of FIG. 1 to findcompute capacity for executing the user code associated with an incomingrequest received and processed by the frontend 120. For example, thefrontend 120 may process the request received from the user computingdevices 102 or the auxiliary services 106, and forward the request tothe worker manager 140 after authenticating the user and determiningthat the user is authorized to access the specified user code. Asdiscussed above, the request may include data or metadata that indicatesthe program code to be executed, the language in which the program codeis written, the user associated with the request, and/or the computingresources (e.g., memory, etc.) to be reserved for executing the programcode. For example, the request may specify that the user code is to beexecuted on “Operating System A” using “Language Runtime X.” In such anexample, the worker manager 140 may locate a virtual machine instancethat has been pre-configured with “Operating System A” and “LanguageRuntime X” and assigned it to the user. The worker manager 140 may thencreate a container on the virtual machine instance for executing theuser code therein.

Next, at block 304, the worker manager 140 acquires compute capacitybased on the information indicated in the request. In some embodiments,the compute capacity comprises a container that is configured to servicethe code execution request. As discussed herein, the container may beacquired from the active pool 140A or the warming pool 130A. How thecompute capacity is acquired is described in greater detail below withreference to FIG. 4.

At block 306, the worker manager 140 causes the user code to be executedusing the compute capacity. For example, the worker manager 140 may sendthe address of the container assigned to the request to the frontend 120so that the frontend 120 can proxy the code execution request to theaddress. In some embodiments, the address may be temporarily reserved bythe worker manager 140 and the address and/or the container mayautomatically be released after a specified time period elapses. In someembodiments, the address and/or the container may automatically bereleased after the user code has finished executing in the container.

While the routine 300 of FIG. 3 has been described above with referenceto blocks 302-306, the embodiments described herein are not limited assuch, and one or more blocks may be omitted, modified, or switchedwithout departing from the spirit of the present disclosure. Forexample, the block 302 may be modified such that the worker manager 140receives a compute capacity acquisition request from the frontend 120.

FIG. 4 is a block diagram illustrating one embodiment of processes ofvirtual machine instance management to process a request to execute usercode.

At (1), the frontend 120 of a virtual compute system 110 receives arequest to execute or to deploy a user code. The request can betransmitted from a user computing device 102. In some embodiments, therequest can be received from one of the auxiliary services 106. Forexample, in some embodiments, an auxiliary service can be adapted togenerate a request based on an event associated with the auxiliaryservices 106. Additional examples of auxiliary service event generation,including event triggering, are described in U.S. application No. TBD,filed Sep. 30, 2014, titled PROGRAMMATIC EVENT DETECTION AND MESSAGEGENERATION FOR REQUESTS TO EXECUTE PROGRAM CODE, attorney docket no.SEAZN.990A, which is expressly incorporated by reference in itsentirety. The request can be a request to execute or deploy a programcode included in the request or a program code stored in a separatecomputing system. Various program languages including Java, PHP, C++,Python, etc. can be used to compose the user code. The request caninclude configuration information relating to code-executionrequirements. For example, the request can include information aboutprogram language in which the program code is written, information aboutlanguage runtime and/or language library to execute the user code. Theconfiguration information need not include any specific informationregarding the virtual machine instance that can host the user code. Therequest can also include information that specifies policies ofreporting/storing of user code execution results/activities. Forexample, the request can specify that result of user code execution willbe reported synchronously or asynchronously (batch) to the computingdevice that transmitted user code execution request. Also, the requestmay specify that user code execution result will be stored by anauxiliary service 106 with or without synchronous reporting of theresult. The request can include configuration information specified byusers or determined by the frontend regarding to execution of user code.The configuration information can correspond to hardware or softwarerequirements to execute the user code. For example, the configurationinformation can correspond to selection of a specific type amongpredetermined types of virtual machine instances which may be availablein the warming pool 130 or in the active pool 140A. The virtual machinetypes can vary based upon predetermined sets of hardware (e.g., memory,processor, storage, etc.) and software (e.g., operating system, runtimeenvironment, libraries, etc.) resources available to containers createdwithin the virtual machine. In some embodiments, the configurationinformation can specify allowable latency to acquire compute capacity inresponse to user code execution request. Procedures and policies toacquire compute capacity can vary based on the allowable latency.

At (2), the frontend 120 processes the request. The frontend 120 cananalyze the request and format the request into a message that can befurther processed by the virtual compute system 110. Additional examplesof frontend processing are described in U.S. application No. TBD, filedSep. 30, 2014, titled PROCESSING EVENT MESSAGES FOR USER REQUESTS TOEXECUTE PROGRAM CODE, attorney docket no. SEAZN.991A, which is expresslyincorporated by reference in its entirety.

In some embodiments, the frontend 120 can analyze a user code associatedwith a request from the user computing device 102 and determine whattype of configuration is suitable to execute the user code. For example,the frontend 120 can identify information about the programming languageof the user code based on header information or metadata associated withthe user code. In some other embodiments, the frontend 120 can forwardthe request from the user computing device 102 to the worker manager 140without analyzing the request or user code.

With continued reference to FIG. 4, at (3), the frontend 120 sends amessage for user code execution to a worker manager 140. The workermanager 140 initiates a process to locate or acquire compute capacityfor user code execution based on the received message. For example, theworker manager 140 can locate a container already created on a virtualmachine instance that is already associated with the user at the timethe request is received or processed. In another embodiment, the workermanager 140 can locate an instance that is already associated with theuser at the time the request is received or processed, even if acontainer suitable for executing the user's code has not yet beencreated. In another embodiment, the worker manager can obtain analready-created (e.g., warmed) instance from a warming pool, associateit with the user, and create a container within the instance forexecuting the user's code. In some cases, warmed containers may becreated within warmed instances prior to receiving or processing userrequests for code deployment.

At (4), the worker manager 140 can acquire compute capacity to executeor deploy user code. Acquiring compute capacity can be conducted basedon one or more of operation policies of the virtual compute system 110or configuration information specified in the user code executionrequests (or implied by the user code execution requests). The workermanager 140 can determine resource requirements based on theconfiguration information and create at least one container that meetsthe resource requirements. Priorities and limitations in acquiringcompute capacity may be associated with various factors includinglatency in responding requests (time to acquire compute capacity afterreceiving requests), billing constraints and security policies. In someembodiments, to reduce latency in responding the request, the workermanager 140 tries to allocate an existing container to host user codeexecution because creating a new container may take longer thanutilizing an existing container. If there is no available, existingcontainer suitable to hose the user code, the worker manager 140 cancreate a new container in an active virtual machine instance associatedwith the user. Such active virtual machine instance may be located inthe active pool 140A. Allocating a new instance from the warming pool130A may take longer than utilizing an active instance of the activepool 140A. If there is no available, active virtual machine instanceassociated with the user, the worker manager 140 can allocate a newvirtual machine instance from the warming pool 130A and create acontainer within it to host user code execution. This may result inhigher latency than utilizing an active instance or an existingcontainer within an active instance. In some embodiments, acquiringcompute capacity can be performed based on operation cost and billingconstraints. For example, allocation of containers/instances can bedetermined to save operation cost of the virtual compute or to meetbilling constraints in spite of higher latency.

At (4), the worker manager 140 identifies a virtual machine instancethat matches the configuration information included within the messagetransmitted from the frontend 120. The worker manager 140 can compareconfiguration settings of virtual machine instances in the warming pool130A with configuration information of the request to identify amatching virtual machine instance suitable to execute the user's code.In some embodiments, in response to a request, the worker manager 140can identify a virtual machine instance already assigned to the sameuser account with which the request is associated. When resources of avirtual machine instance are reserved exclusively for a specific user, asecurity policy may permit the virtual machine instance to deploy otheruser code from the same user. Therefore, prior to checking availabilityof a virtual machine instance in the warming pool 130A, the workermanager 140 can check available resources of an active virtual machineinstance hosting other code associated with the same user. However, insome embodiments, whether or not currently active virtual machineinstances having matching configuration information exist, user code canbe assigned to a new virtual machine instance when specified by therequest or determined based on the requirement of user code. If theworker manager 140 determines that there is no capacity in a virtualmachine instance already allocated to the same user, or that there areno virtual machine instances already allocated to the user, the workermanager 140 requests a new virtual machine instance from the warmingpool 130A.

Also, when the request includes a request to update user code which hasbeen already deployed in the virtual compute system 110, the workermanager 140 can identify virtual machine instances hosting an oldversion of user code and start the process to update the old version ofuser code with a new version of user code associated with the request.In some embodiments, containers hosting an old version of user code maycontinue to execute the old version of user code until an updatedversion of the user code is loaded on the containers. In someembodiments, the worker manager 140 can cause containers to stopexecution of an old version of user code promptly or immediately inresponse to a request to update user code.

The worker manager 140 can allocate the identified virtual machineinstance to a user associated with the request. The allocated virtualmachine instance is now part of the active pool 140A rather than thewarming pool 130A and will be managed by the worker manager 140.Association of a virtual machine instance can be exclusive to a specificuser account for security purposes. In some embodiments, to preventexecution of user code associated with a specific user account fromaffecting execution of user code associated with the other users, avirtual machine instance can host user code associated with a specificuser but cannot host user code associated with the other users.Association of the virtual machine instance to a specific user accountcan be conducted by modifying data entry of a database storinginformation of virtual machine instances controlled by the workermanager 140.

The worker manager 140 can create and/or allocate a container inside avirtual machine instance allocated to execute/deploy a particular user'scode. A portion of the virtual machine instance's resources is reservedfor container allocation. The worker manager 140 can also configure thevirtual machine container for executing/deploying the user codes. Forexample, language runtimes and libraries used to run the user's code canbe loaded into the virtual machine container based on the configurationinformation associated with the request from the user computing device102. The worker manager 140 can deploy user codes on the containerconfigured with software components corresponding to configurationinformation or resource requirements associated with the user codes.Actual execution of deployed user code can be initiated by a subsequentrequest from a user device or a separate computing system.

At (5), the worker manager 140 manages user code execution by a virtualmachine instance that has a container that has been designated toexecute the user's code. The worker manager 140 can communicate withother components, systems, and services associated with the virtualcompute system 110, as well. For example, the worker manager 140 canfacilitates communication between a virtual machine instance and astorage service (e.g., the storage service 108 of FIG. 1). In addition,the worker manager 140 can manage capacities and/or configurations ofvirtual machine instances in the active pool 140A, as discussed above.Once the user's code is loaded into a container of a designated virtualmachine instance, the container executes the user's code. In someembodiments, the virtual compute system 110 is adapted to beginexecution of the user code shortly after it is received (e.g., by thefrontend 120). A time period can be determined as the difference in timebetween initiating execution of the user code (e.g., in a container on avirtual machine instance associated with the user) and receiving arequest to execute the user code (e.g., received by a frontend). Thevirtual compute system 110 is adapted to begin execution of the usercode within a time period that is less than a predetermined duration. Inone embodiment, the predetermined duration is 500 ms. In anotherembodiment, the predetermined duration is 300 ms. In another embodiment,the predetermined duration is 100 ms. In another embodiment, thepredetermined duration is 50 ms. In another embodiment, thepredetermined duration is 10 ms. In another embodiment, thepredetermined duration may be any value chosen from the range of 10 msto 500 ms. In some embodiments, the virtual compute system 110 isadapted to begin execution of the user code within a time period that isless than a predetermined duration if one or more conditions aresatisfied. For example, the one or more conditions may include any oneof: (1) the user code is loaded on a container in the active pool 140 atthe time the request is received; (2) the user code is stored in thecode cache of an instance in the active pool 140 at the time the requestis received; (3) the active pool 140A contains an instance assigned tothe user associated with the request at the time the request isreceived; or (4) the warming pool 130A has capacity to handle therequest at the time the request is received. The results of theexecution may be output to user devices, storage system associated withthe user, or a separate storage service as discussed below. For example,the results of a calculation or process performed by the container(e.g., generate a thumbnail image of an image stored at within a storageservice) can be stored in a storage service 108 accessible by the user.

With continued reference to FIG. 4, at (6), the worker manager 140communicates with the frontend 120 to provide result of user codeexecution to the user computing device 102. At (7), the virtual computesystem 110 (e.g., the frontend 120 or a worker manager) communicatesprocessing result of user code execution request with the user computingdevice 102 and/or or auxiliary services 106. In some embodiments,results are not communicated to the user or a service. Such results maybe stored and used by the virtual compute system 110 for additionalprocessing. Result information may be used to generate a report ofoperation status, resource usage and billing information based on thecommunicated processing result.

At (8), the virtual compute system 110 communicates with auxiliaryservices 106 to provide monitoring and/or logging information associatedwith the virtual compute system 110. In some embodiments, an activitylog can be stored by auxiliary services 106. The activity log can beused to generate billing communications with the user. The virtualcompute system 110 can transmit monitoring information to themonitoring/logging/billing services 107 (which can be separateservices). The monitoring/logging information can include applicationlevel information regarding activities associated with user codeexecution and system level information regarding status and health ofvirtual machine instances in the virtual compute system 110. Themonitoring information and logging information can be utilized toinitiate processes to optimize inventory of instances/containers in thevirtual compute system 110 including creation, acquisition, relocation,compaction and recycling of instances/containers. The instance/containerinventory optimization can be conducted based on various factorsincluding cost of operation, latency in responding user code executionrequests, security, system scalability and system stability.

With continued reference to FIG. 4, the virtual compute system 110 cancreate and manage virtual machine instances to process user codeexecution requests independently from and asynchronously with respect toreceiving requests from user computing devices 102. For example, thewarming pool manager 130 of the virtual compute system 110 can preparewarmed virtual machine instances in the warming pool 130A prior toreceiving a request to execute user code. Warmed virtual machineinstances in the warming pool 130A are not assigned to a specific userand contain software components to support execution of user codes. Forexample, software components contained in the warmed virtual machineinstances include at least one runtime and one or more libraries. Insome embodiments, at least some of the warmed instances can be furtherprepared with warmed containers. Such warmed containers can beconfigured to contain all or a subset of the copies of the softwarecomponents of their associated warmed instances. In addition, thevirtual compute system 110 can recycle virtual machine instances (e.g.,remove virtual machine instances from the active pool 140A and createnew virtual machine instances in the warming pool 130) also independentof specific requests from user computing devices 102.

Preparation and configuration of virtual machine instances in thewarming pool 130A can be conducted independently from specific user codeexecution requests but based on statistics and historic informationassociated with user code execution requests. For example, the warmingpool manager 130 can optimize the various configuration types andnumbers of virtual machine instances maintained in the warming pool 130Ausing such information. For example, the warming pool manager 130 candetermine that it is more likely that an instance having a particularconfiguration may be in high demand during a particular time of day.Therefore, the warming pool manager 130 may create a larger number ofinstances having such configuration and place those instances in awarming pool in anticipation of receiving user requests to execute codecompatible with such instances.

The virtual compute system 110 can recycle virtual machine instancesindependent of specific requests from the user computing devices 102 andbased on activation history of virtual machine instances and/or usercodes. For example, the worker manager 140 can monitors the activationhistory and identify virtual machine instances within the active poolwhich have not been used to execute user code for longer than apredetermined time period. The worker manager 140 then invalidatesallocation of the identified virtual machine instances to user accounts.Recycling of virtual machine instances can be based on time intervalbetween activation messages (sometimes referred to as a trigger)associated with user code. For example, user code designed to generatethumbnail images of new photographs might require an activation messagefrom a storage service 108 that a new photograph is uploaded. When suchactivation message is not received for a more than a predetermined timeperiod, virtual machine instances reserved for (associated with) a useraccount can be de-allocated (un-associated). In this situation, keepingthe user code loaded in the virtual machine instance might be a waste ofreserved resources. When such a time period passes, the worker manager140 can determine that the virtual machine instance is not beingutilized and it can initiate a process to recycle the idle virtualmachine instance.

In some embodiments, communication events with other system orcomponents associated with a virtual machine instance can be analyzed todetermine the status of a virtual machine instance. In some embodiment,a history of communication events to store processing result of usercode execution can be analyzed to determine whether a virtual machineinstance hosting the user code is being utilized actively or not. Forexample, when a virtual machine instance hosting a user code to generatethumbnail images of new photographs does not communicate with a storagesystem which stores generated thumbnail images for longer than apredetermined time period, the worker manager 140 can determine that thevirtual machine instance is not going to be utilized or that too manyinstances having a particular configuration are being maintained in theactive pool. In some embodiments, the worker manager 140 can initiaterelocation or recycling of containers to optimize the numbers of virtualmachine instances allocated to a specific user.

It will be appreciated by those skilled in the art and others that allof the functions described in this disclosure may be embodied insoftware executed by one or more physical processors of the disclosedcomponents and mobile communication devices. The software may bepersistently stored in any type of non-volatile storage.

Conditional language, such as, among others, “can,” “could,” “might,” or“may,” unless specifically stated otherwise, or otherwise understoodwithin the context as used, is generally intended to convey that certainembodiments include, while other embodiments do not include, certainfeatures, elements and/or steps. Thus, such conditional language is notgenerally intended to imply that features, elements and/or steps are inany way required for one or more embodiments or that one or moreembodiments necessarily include logic for deciding, with or without userinput or prompting, whether these features, elements and/or steps areincluded or are to be performed in any particular embodiment.

Any process descriptions, elements, or blocks in the flow diagramsdescribed herein and/or depicted in the attached figures should beunderstood as potentially representing modules, segments, or portions ofcode which include one or more executable instructions for implementingspecific logical functions or steps in the process. Alternateimplementations are included within the scope of the embodimentsdescribed herein in which elements or functions may be deleted, executedout of order from that shown or discussed, including substantiallyconcurrently or in reverse order, depending on the functionalityinvolved, as would be understood by those skilled in the art. It willfurther be appreciated that the data and/or components described abovemay be stored assume in a computer-readable medium and loaded intomemory of the computing device using a drive mechanism associated with acomputer readable storage medium storing the computer executablecomponents such as a CD ROM, DVD ROM, or network interface. Further, thecomponent and/or data can be included in a single device or distributedin any manner. Accordingly, general purpose computing devices may beconfigured to implement the processes, algorithms, and methodology ofthe present disclosure with the processing and/or execution of thevarious data and/or components described above.

It should be emphasized that many variations and modifications may bemade to the above-described embodiments, the elements of which are to beunderstood as being among other acceptable examples. All suchmodifications and variations are intended to be included herein withinthe scope of this disclosure and protected by the following claims.

What is claimed is:
 1. A computer implemented method to process requeststo execute user code on one or more virtual machine instances, themethod comprising: as implemented by one or more computing devicesconfigured with specific computer-executable instructions, providing aplurality of warmed virtual machine instances, each of the warmedvirtual machine instances being unassigned to a specific user andcontaining a software component associated with a programming language;subsequent to providing the plurality of warmed, unassigned virtualmachine instances, receiving a request to execute a user code, therequest comprising configuration information associated with executingthe user code, wherein the request is received at a first time;identifying a virtual machine instance from the plurality of warmedvirtual machine instances based on the configuration information of therequest, wherein the identified virtual machine instance contains aparticular software component that is suitable to execute the user code;associating the identified virtual machine instance with a user accountassociated with the request; creating, within the associated virtualmachine instance, a container to execute the user code; loading theparticular software component and the user code into the container; andinitiating execution of the user code by the container, wherein saidinitiating occurs at a second time, and wherein a time period from thefirst time to the second time is less than a predetermined duration. 2.The method as recited in claim 1, wherein the predetermined duration is100 ms.
 3. The method as recited in claim 1, wherein creating thecontainer further comprises: receiving a plurality of requests toexecute the user code; creating a plurality of containers within theidentified virtual machine instance, wherein each of the plurality ofcontainers is configured based on the configuration information of therequest; and selecting one of the plurality of containers to execute theuser code.
 4. The method as recited in claim 1, wherein creating thecontainer further comprises: receiving a plurality of requests toexecute a plurality of user codes; creating a plurality of containerswithin the identified virtual machine instance, wherein each of theplurality of containers is configured based on configuration informationof the requests; and selecting one of the plurality of containers toexecute the user code.
 5. The method as recited in claim 1, whereincreating the at least one container further comprises: determiningresource requirements using the configuration information; and creatingat least one container having at least the resource requirements.
 6. Themethod as recited in claim 1, wherein the software component comprisesat least one of a runtime or one or more libraries.
 7. The method asrecited in claim 1, further comprising: monitoring an activation historyof the user code in the identified virtual machine instance; andun-associating the identified virtual machine instance with the useraccount or destroying the container based on the activation history. 8.A system comprising: a computing device comprising a processor coupledto a memory, the memory including specific instructions that uponexecution configure the system to: provide a plurality of virtualmachine instances, wherein each of the plurality of virtual machineinstances contains at least one software component associated with atleast one programming language; receive a request to execute a usercode, the request comprising configuration information associated withthe user code, wherein the request is received at a first time; identifya virtual machine instance from the plurality of virtual machineinstances based on the configuration information of the request, whereinthe identified virtual machine instance contains a particular softwarecomponent that corresponds to the configuration information; and executethe user code on a container within the identified virtual machineinstance based on the configuration information, wherein the user codeis executed at a second time, and wherein a time period from the firsttime to the second time is less than a predetermined duration.
 9. Thesystem as recited in claim 8, wherein the predetermined duration is 100ms.
 10. The system as recited in claim 8, wherein the specificinstructions further configure the system to provide the plurality ofvirtual machine instances before receiving the request to execute theuser code.
 11. The system as recited in claim 8, wherein the softwarecomponent comprises at least one of a runtime or one or more libraries.12. The system as recited in claim 8, wherein the specific instructionsfurther configure the system to: monitor an activation history of theuser code in the identified virtual machine instance; and un-associatethe identified virtual machine instance with the user account or destroythe container based on the activation history.
 13. The system as recitedin claim 8, wherein the identified virtual machine instance comprisesthe container prior to receiving the request.
 14. The system as recitedin claim 13, wherein the container comprises the user code prior toreceiving the request.
 15. The system as recited in claim 13, whereinthe specific instructions further configure the system to select thecontainer based on resource requirements associated with the request.16. The system as recited in claim 8, wherein the specific instructionsfurther configure the system to create the container on the virtualmachine instance after receiving the request.
 17. A non-transitory,computer-readable storage medium storing computer-executableinstructions that, when executed by a computer system, configure thecomputer system to perform operations comprising: providing a pluralityof virtual machine instances, wherein each of the plurality of virtualmachine instances contains at least one software component associatedwith at least one programming language; receiving a request to execute auser code, the request comprising configuration information associatedwith the user code, wherein the request is received at a first time;identifying a virtual machine instance from the plurality of virtualmachine instances based on the configuration information of the request,wherein the identified virtual machine instance contains a particularsoftware component that corresponds to the configuration information;and executing the user code on a container within the identified virtualmachine instance based on the configuration information, wherein theuser code is executed at a second time, and wherein a time period fromthe first time to the second time is less than a predetermined duration.18. The non-transitory, computer-readable storage medium as recited inclaim 17, wherein the predetermined duration is 100 ms.
 19. Thenon-transitory, computer-readable storage medium as recited in claim 17,wherein the operations further comprise providing the plurality ofvirtual machine instances prior to receiving the request.
 20. Thenon-transitory, computer-readable storage medium as recited in claim 17,wherein the software component comprises at least one of a runtime orone or more libraries.
 21. The non-transitory, computer-readable storagemedium as recited in claim 17, wherein the operations further comprise:monitoring an activation history of the user code in the identifiedvirtual machine instance; and un-associating the identified virtualmachine instance with the user account or destroying the container basedon the activation history.
 22. The non-transitory, computer-readablestorage medium as recited in claim 17, wherein the identified virtualmachine instance comprises the container prior to receiving the request.23. The non-transitory, computer-readable storage medium as recited inclaim 22, wherein the container comprises the user code prior toreceiving the request.
 24. The non-transitory, computer-readable storagemedium as recited in claim 22, wherein the operations further compriseselecting the container based on resource requirements associated withthe request.
 25. The non-transitory, computer-readable storage medium asrecited in claim 17, wherein the operations further comprise creatingthe container on the virtual machine instance after receiving therequest.
 26. A computer implemented method for managing virtual machineinstances, the method comprising: providing a plurality of virtualmachine instances, wherein each of the plurality of virtual machineinstances contains at least one software component associated with atleast one programming language; receiving a request to execute a usercode, the request comprising configuration information associated withthe user code, wherein the request is received at a first time;identifying a virtual machine instance from the plurality of virtualmachine instances based on the configuration information of the request,wherein the identified virtual machine instance contains a particularsoftware component that corresponds to the configuration information;associating the identified virtual machine instance with a user accountassociated with the user code; and executing the user code on acontainer within the identified virtual machine instance based on theconfiguration information, wherein the user code is executed at a secondtime, and wherein a time period from the first time to the second timeis less than a predetermined duration.
 27. The method as recited inclaim 26, wherein the predetermined duration is 100 ms.
 28. The methodas recited in claim 26, wherein the method further comprises providingthe plurality of warmed virtual machine instances before receiving therequest.
 29. The method as recited in claim 26, wherein the softwarecomponent comprises at least one of a runtime or one or more libraries.30. The method as recited in claim 26, further comprising: monitoring anactivation history of the user code in the identified virtual machineinstance; and un-associating the identified virtual machine instancewith the user account or destroying the container based on theactivation history.
 31. The method as recited in claim 26, wherein theidentified virtual machine instance comprises the container prior toreceiving the request.
 32. The method as recited in claim 31, whereinthe container comprises the user code prior to receiving the request.33. The method as recited in claim 31, further comprising selecting thecontainer based on resource requirements associated with the request.34. The method as recited in claim 26, further comprising creating thecontainer on the virtual machine instance after receiving the request.